Post AWXJyXxYYUVgOyIpSy by cobra@fedi.vern.cc
(DIR) More posts by cobra@fedi.vern.cc
(DIR) Post #AWX61Ogw4UrNASzf6G by strypey@mastodon.nzoss.nz
2023-06-10T01:22:52Z
0 likes, 0 repeats
Does anyone know if there's a way to get LibreJS and NoScript to play nicely together? What I'd like is for NoScript to automatically trust JS from any domains that LibreJS confirms as Free Code.#LibreJS #NoScript
(DIR) Post #AWX9Db7215351ni0mG by jxself@mastodon.social
2023-06-10T01:58:40Z
0 likes, 0 repeats
@strypey If your plan is to have NoScript just accept whatever decisions LibreJS makes, why is NoScript needed at all? If LibreJS decides it's not free code then it won't be run. Just as if NoScript had blocked it. And if it is, then per this plan of NoScript & LIbreJS it would be trusted & allowed anyway which is what you're wanting. What am I missing in this picture? Having both seems redundant.
(DIR) Post #AWXB5CXlg7wQQAL3yq by wrongthink@cdrom.tokyo
2023-06-10T02:20:16.143235Z
0 likes, 0 repeats
@strypey It is in situations like this that would be really nice if browsers offered a way to control the of priority between addons. Like if you want one primary addon to handle everything, and then only hand off requests to a next-in-line addon after certain criteria have been met.But the real solution would be to have sane and intuitive controls built directly into the browser for controlling requests instead of relying on a smattering of addons.
(DIR) Post #AWXI34SxRHvMT81IvI by Suiseiseki@freesoftwareextremist.com
2023-06-10T03:37:38.838188Z
0 likes, 0 repeats
@strypey The main problem with that is LibreJS can't see any JavaScript if NoScript blocks it.Really, arbitrary JavaScript loading from remote servers with no signature checking is a terrible idea, even if the JavaScript is free software.Really, browsers should allow you to save the free JavaScript provided by a site locally and notify you if the site has made changes and if you'd like to run the latest version.Of course, no browsers will ever offer such feature and the closest we have at the moment is: https://haketilo.koszko.org/
(DIR) Post #AWXJyXxYYUVgOyIpSy by cobra@fedi.vern.cc
2023-06-10T03:59:11Z
0 likes, 0 repeats
@strypey cant you just not use noscript
(DIR) Post #AWXLDgBkLJF2DligUa by strypey@mastodon.nzoss.nz
2023-06-10T04:13:11Z
0 likes, 0 repeats
@jxselfThe reality of my life, like most people's, is that I sometimes need to run nonfree JS. That's why I 've been using NoScript rather than LibreJS. So I can temporarily turn on nonfree JS as needed. But it means that every time I follow a link to an instance of a Free Code package, I have to manually toggle it to Trusted. It would be nice not to have to.
(DIR) Post #AWXLKwREKD0ce6QP6O by strypey@mastodon.nzoss.nz
2023-06-10T04:14:29Z
0 likes, 0 repeats
@wrongthink> the real solution would be to have sane and intuitive controls built directly into the browser for controlling requests instead of relying on a smattering of addonsThis! I presume your browser will do this @alcinnz?
(DIR) Post #AWXLx1XvmWEZUaiaps by strypey@mastodon.nzoss.nz
2023-06-10T04:21:23Z
0 likes, 0 repeats
@Suiseiseki@freesoftwareextremis> arbitrary JavaScript loading from remote servers with no signature checking is a terrible idea, even if the JavaScript is free softwareAgreed. I'd go further and say JS is a terrible idea in general, and best avoided. See my many rants asking web devs to #MakeJavaScriptOptional. But for now, we have the web we have, and we have to protect both our freedom and our security as best we can while using it.@jxself @wrongthink @cobra
(DIR) Post #AWXNOIk23fiKaxwueG by alcinnz@floss.social
2023-06-10T04:37:28Z
0 likes, 0 repeats
@strypey @wrongthink I don't have the full context here, though my focus is on minimizing how much harm each request can do...And carefully designing my UX to obtain meaningful consent, rather than the illusion of it.
(DIR) Post #AWXNxr948bJhQqc1ey by alcinnz@floss.social
2023-06-10T04:43:53Z
0 likes, 0 repeats
@strypey @wrongthink Yes & no.To start with I don't support JavaScript, the harm any request can do is extremely limited. Beyond that I strive to carefully design my UX to obtain meaningful consent, rather throw prompts up for the illusion of it.Beyond that I always make it easy to switch stylesheets, & if there's desire I can go easily go further in the browserchrome I haven't put much thought into yet.
(DIR) Post #AWXQDQ0320Z3mdwVRQ by jxself@mastodon.social
2023-06-10T05:09:07Z
0 likes, 0 repeats
@strypey "The reality of my life, like most people's, is that I sometimes need to run nonfree JS. That's why I 've been using NoScript rather than LibreJS. So I can temporarily turn on nonfree JS as needed."As I understand it, LibreJS can be used for this use case too by telling it to whitelist the site (i.e., "turn on nonfree JS"). Then you temporarily do what's desired, then remove the whitelist (ie. "turn off nnonfree JS"). It still seems that one of the extensions is enough.
(DIR) Post #AWXQT4zau69XGQCM2i by jxself@mastodon.social
2023-06-10T05:11:56Z
0 likes, 0 repeats
@strypey Or another way is turning the LibreJS extension off temporarily. Either way the outcome seems the same with regard to that.
(DIR) Post #AWXR5RaLLwVyL1gHTM by jxself@mastodon.social
2023-06-10T05:18:49Z
0 likes, 0 repeats
@strypey @Suiseiseki@freesoftwareextremist.com "Really, arbitrary JavaScript loading from remote servers with no signature checking is a terrible idea, even if the JavaScript is free software"This seems an argument for blocking such JavaScript, which NoScript can do just fine (or turning it off in the browser.) Even this school of thought this doesn't seem to run afoul of the notion that having *both* extensions loaded and running simultaneously seems redundant.
(DIR) Post #AWXSPvZRg2Rh5Aam4e by strypey@mastodon.nzoss.nz
2023-06-10T05:33:50Z
0 likes, 0 repeats
@jxself > LibreJS can be used for this use case too by telling it to whitelist the siteCan I manage that on-the-fly with a drop-down menu, as I can in NoScript? I haven't used LibreJS since it was fairly new. If it now combines all the affordances of both NoScript and LibreJS, then switching to it would certainly be the ideal solution.
(DIR) Post #AWXSakpbwh4axcJevg by strypey@mastodon.nzoss.nz
2023-06-10T05:35:46Z
0 likes, 0 repeats
@jxself > Or another way is turning the LibreJS extension off temporarily. Either way the outcome seems the same with regard to thatNo, it isn't. Because NoScript allows me to selectively allow JS from some domains, while still refusing JS from others. To get some sites to work, I have to allow scripts from the primary domain and a number of third-party domains (gstatic.com is a common one), but I still want things like GoogleTagManager to be blocked.
(DIR) Post #AWXUztAYHbdRy3DwEi by jxself@mastodon.social
2023-06-10T06:02:43Z
0 likes, 0 repeats
@strypey I encourage you to try out the current version and see if might be able to meet your needs. I note it doesn't have NoScript's temporary allow but a permanent allow that you later remove seems more or less equivalent. 😀
(DIR) Post #AWXaSlDrPI3XUSMFJQ by strypey@mastodon.nzoss.nz
2023-06-10T07:03:58Z
0 likes, 0 repeats
@jxself > I note it doesn't have NoScript's temporary allow but a permanent allow that you later remove seems more or less equivalentIn good UX, there's a huge distance between "more" and "less" and this is a great example. Not only does LibreJS not give me an equivalent of the Temp Trusted option, it doesn't give me the single-click drop-down menu NoScript does either (or if it does this isn't the default).(1/?)
(DIR) Post #AWXau2HC6qUACTvHmK by strypey@mastodon.nzoss.nz
2023-06-10T07:08:22Z
0 likes, 0 repeats
@jxself After quickly testing it with instances of Mastodon, Lemmy, Discourse and Element, I found that getting them to work required me to;* click on the puzzle piece icon* click on the LibreJS entry* click reload inside the LibreJS menu* click out of the menu and reload the pageEven then some page elements still don't work.All that to do what NoScript allows me to do with one click on the NoScript icon, one click on Temp Trusted, and one click out.(2/2)
(DIR) Post #AWXbIXJsLKC3QfrNLc by strypey@mastodon.nzoss.nz
2023-06-10T07:13:19Z
0 likes, 0 repeats
@jxselfWho is doing active development on LibreJS? I'd be happy to put some time into working with then on improving the UX.(3/3)
(DIR) Post #AWY5loUwY9c7jKugVs by jxself@mastodon.social
2023-06-10T12:54:39Z
0 likes, 0 repeats
@strypey The GNU LIbreJS mailing list is probably best for such things.
(DIR) Post #AWYCmWWbYhLjxKyZyi by strypey@mastodon.nzoss.nz
2023-06-10T14:13:21Z
0 likes, 0 repeats
@jxself> The GNU LIbreJS mailing list is probably best for such thingsOK, but who do I need to address UX feedback to and will they care? I want to help, but I'm too busy to waste time giving help that's unwanted.
(DIR) Post #AWYCruxQ99FzBE5i9A by strypey@mastodon.nzoss.nz
2023-06-10T14:14:19Z
0 likes, 0 repeats
@jxself> The GNU LIbreJS mailing list is probably best for such thingsOK, but who do I need to address UX feedback to and will they care? I want to help, but I'm too busy to waste time giving help that's unwanted. That's why I haven't been as active on the Trisquel forums for a while. I felt like I was mostly shouting into the void.